Software installation is a challenging task for most vendors. Typically, vendors need to provide a mechanism by which software is installed securely from a server. The server may be hosted by the vendor or at a remote location. To ease the process of software installation on a client, software installations are typically made over a private and/or a public network connecting the client with the server. For example, the server and the client are coupled via the Internet, which has emerged as a preferred transmission medium.
In typical network-based software installations, the client identifies the required software to be installed and transmits a request to the server for the software products. The software products are transmitted to the client over a network and then installed on the client. Installing the received software on the client may be performed with or without human intervention. Security of the network becomes important where, for example, software such as an anti-virus product update and/or a security patch needs to be installed on the client. Network-based software installation is vulnerable to malicious attacks because software products transmitted over the network can be accessed by hackers and spoofers, causing permanent and/or critical damage to the client and/or to the server. Malicious elements introduced in this way can then execute on the client, causing damage to the client, and may further be configured to transmit a part of the malicious element back to the server and/or to other devices coupled to the network from the client, thereby causing damage to the server and/or other connected devices as well.
In one example, the client computing device (client) is coupled to an imaging device (e.g., an ultrasound scanner, a computer tomography scanner, etc.) at a hospital. The client is configured to collect data from the imaging device and generate images based on the collected data, which are then displayed on the imaging device for diagnosis of a patient. To process the collected data into respective images, the client requires imaging software, which is configured to collect data from the imaging device and generate a suitable image. In addition to the imaging software, other software products (e.g., operating system, etc.) may also be required. In the example, a new version of the vendor's imaging software is available via the Internet for installation by the client. Preferably, the new version of the vendor's imaging software is received and installed at the client as a background task. However, a disadvantage is that software transmitted over the Internet (i.e., the vendor's imaging software) is prone to malicious attacks, which might harm the client, the server, or other devices in communication with the client or server over the network. A further disadvantage is that the malicious elements may expose critical data (e.g., personal data, financial data, medical data, etc.) to malicious sources.
In another example, the client is coupled to an Automatic Teller Machine (ATM). In addition to running the financial software, which needs to update each transaction with a server, the client also includes various other programs (e.g., the operating system). Typically, when the client transmits the request to a bank server, the request is digitally signed by a third party vendor, and at the bank server the third party's digital signature needs to be verified before the transaction can be processed. The transactions that are transmitted over the Internet are prone to malicious attacks, where such attacks may compromise critical data associated with the transactions. Also, where the ATM requires installation of a security patch to the financial software product, the server is configured to transmit the security patch to the client. The client receives the security patch and installs it. However, because the security patch is transmitted over the Internet, it may be vulnerable to malicious attacks. If the security patch were tampered with during transmission, such tampering may result in damage to the client, the server, or other devices in communication with the client or server over the network. A further disadvantage is that such malicious elements may expose critical data from the client and/or the server. Yet a further disadvantage is that the security patch may need authorization of a third party vendor, which consumes resources and is expensive.
U.S. Pat. No. 7,055,036 discloses a system and method for verifying that a peer is a trusted peer using signed receipts in a peer-to-peer network environment. The method generally comprises broadcasting a request over the network by a requesting peer for a task with respect to a remote non-local backend server, receiving a response to the request from the service-providing server, verifying a digital certificate of the response issued by the remote non-local backend server indicating that the responding service-providing server is trusted for the requested task, and forwarding the task to a local alias URL of the responding peer for performance of the task by the responding server if the verifying is successful. The digital certificate may be a 1024-bit VeriSign digital certificate. The verifying ensures that the local alias URL is approved by the non-local backend server for the requested task. A disadvantage is that verifying the digital certificates requires a remote non-local backend server, as the digital certificate belongs to a third party, and such transmission to a third party server may be intercepted by a hacker. Further, maintaining the non-local backend server for the verification process requires significant resources and is expensive.
Therefore, there is a need for an improved network-based installation management system and a secure method that prevents malicious alterations to software.